Running Laps Around Microsoft's LAPS

Microsoft's Local Administrator Password Solution (LAPS) is a great product for large monolithic organizations that have complete control over their domain joined Windows clients... but what about those of us that have more "liberal" users and expectations (technical debt)? We have come up with a solution that allows our domain joined clients to still be protected, without angering the previously delegated administrators (and in most cases, they don't even know it is happening, yet it is hidden in plain sight).

ActualReverend

ActualReverend hasn't had a job in the real world for over 15 years. Every day he gets up and is responsible for architecting infrastructure for hundreds of servers, thousands of endpoints, and tens of thousands of users all over this country and a few others. (Hundreds of thousands of users in some cases.) Away from work he enjoys living off the grid with his reluctant family and still gets excited whenever anyone from Microsoft tweets to him. (And yes, he does perform marriages.)